PHP generateSalt函数代码示例

function addNewUser($dbHandler, $username, $password, $permission)
{
    $thisUserPasswordSalt = generateSalt(5);
    $thisUserPasswordHash = md5($password . $thisUserPasswordSalt);
    // create table and insert first root user
    $dbHandler->query("INSERT INTO users (username, salt, password, permissions) VALUES('{$username}', '{$thisUserPasswordSalt}', '{$thisUserPasswordHash}', {$permission});");
}

 /**
  * Register Admin
  */
 function register()
 {
     initiateSession();
     $this->set("title", "Sevasetu | New Admin");
     if (isset($_SESSION['admin_hash'])) {
         header("LOCATION: /admins/dashboard");
     }
     $name = sqlSafe($_POST['name']);
     $username = sqlSafe($_POST['username']);
     $password = sqlSafe($_POST['password']);
     $password2 = sqlSafe($_POST['password2']);
     $salt = generateSalt();
     $email = sqlSafe($_POST['email']);
     if ($password === $password2) {
         $password = generateHash($password . $salt);
     } else {
         $this->set("message", "Password doesn't match");
         return false;
     }
     if ($this->Admin->insertAdmin($name, $username, $email, $salt, $password) == true) {
         $this->set("message", "Administrator Registered.");
     } else {
         $this->set("message", "Unable to register admin");
     }
 }

function registreerNieuweUser($login, $pasw)
{
    $_SESSION["msg"] = "Registratie niet gelukt. Probeer later opnieuw.";
    //default message
    //controleren of de login reeds gebruikt is....
    $connection = new W_DatabaseHelper("cms");
    $querystring = "SELECT * \n\t\t\t\t\t\t FROM users \n\t\t\t\t\t\t WHERE naam LIKE :login \n\t\t\t\t\t\t";
    $bindValues = [":login" => $login];
    $resultset = $connection->query($querystring, $bindValues);
    //$resultset = $connection->query($querystring);
    //var_dump($resultset);
    if (sizeof($resultset) > 0) {
        $_SESSION["msg"] = "Deze naam is reeds in gebruik. Gelieve een andere login te kiezen.";
    } else {
        $querystring = "INSERT INTO users(naam, paswoord, salt) \n\t\t\t\t\t\t\tVALUES (:login, :pasw, :newsalt) \n\t\t\t\t\t\t\t";
        ///// SECURITY voor paswoord...
        //salt aanmaken
        $newsalt = generateSalt();
        //parameter 5 in onderstaande lijn betekent dat we kiezen voor algoritme SHA256...
        $pasw = hash("sha256", $pasw . $newsalt);
        var_dump($pasw);
        $bindValues = [":login" => $login, ":pasw" => $pasw, ":newsalt" => $newsalt];
        $resultset = $connection->query($querystring, $bindValues);
        $validatedUser = checklogin($login, $pasw);
        $_SESSION["msg"] = "Proficiat met uw registratie. U bent meteen ook ingelogd met uw nieuwe login en paswoord.";
        /// get the new user's userid...
        $querystring = "SELECT userid FROM users\n\t\t\t\t\t\t\tWHERE naam LIKE :login \n\t\t\t\t\t\t\tAND paswoord LIKE :pasw \n\t\t\t\t\t\t\tAND salt LIKE :newsalt\n\t\t\t\t\t\t\t";
        $bindValues = [":login" => $login, ":pasw" => $pasw, ":newsalt" => $newsalt];
        $resultset = $connection->query($querystring, $bindValues);
        var_dump($resultset);
        $_SESSION["user"] = $resultset[0];
        $_SESSION["username"] = $login;
    }
    //return $resultmessage;
}

 public function createAdmin($username, $email, $password)
 {
     if ($this->input->is_cli_request()) {
         $saltkey = generateSalt();
         $salt_password = crypt($password, $saltkey);
         $this->setup_model->generateAdmin($username, $saltkey, $salt_password, $email);
     }
 }

function adduser($username, $password, $level, $email = "", $realname = "", $can_modify_passwd = '1', $description = "")
{
    if (!user_exists($username)) {
        $encrypted = crypt($password, '$1$' . generateSalt(8) . '$');
        return dbInsert(array('username' => $username, 'password' => $encrypted, 'level' => $level, 'email' => $email, 'realname' => $realname, 'can_modify_passwd' => $can_modify_passwd, 'descr' => $description), 'users');
    } else {
        return FALSE;
    }
}

function hashUserID($ID)
{
    $salt1 = generateSalt($ID);
    // reverse the $ID and generate another salt
    $salt2 = generateSalt(strrev((string) $ID));
    $salted = $salt1 . $ID . $salt2;
    $hashUserID = hash("sha256", $salted);
    //    $hashUserID = $ID;
    return $hashUserID;
}

function passwordEncrypt($password)
{
    // use Blowfish with a "cost" of 10
    $hash_format = "\$2y\$10\$";
    $salt_length = 22;
    $salt = generateSalt($salt_length);
    $format_and_salt - $hash_format . $salt;
    $hash = crypt($password, $format_and_salt);
    return $hash;
}

 public function testGenerateSalt()
 {
     // each salt is unique, so we test length of salt generated
     $this->assertEquals(22, strlen(generateSalt(22)));
     $this->assertEquals(1, strlen(generateSalt(1)));
     $this->assertEquals(0, strlen(generateSalt(0)));
     $this->assertEquals(40, strlen(generateSalt(40)));
     // test that no two salts are identical
     $this->assertFalse(generateSalt(22) == generateSalt(22));
     $this->assertFalse(generateSalt(4) == generateSalt(4));
     // salts of length 0 are identical
     $this->assertEquals(generateSalt(0), generateSalt(0));
 }

/**
 * This function compares the submitted email & password to those in the user
 * table for a match and starts a session with ['loggedIn'} = TRUE if found.
 * @return boolean
 */
function userIsLoggedIn()
{
    $salt = generateSalt($_POST['email']);
    $password = generateHash($salt, $_POST['password']);
    if (databaseContainsUser($_POST['email'], $password)) {
        $_SESSION['loggedIn'] = TRUE;
        $_SESSION['email'] = $_POST['email'];
        $_SESSION['password'] = $password;
        return TRUE;
    } else {
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        return FALSE;
    }
}

 /**
  * Sets the contents for the processing of user registration form
  */
 function register()
 {
     initiateSession();
     $this->set("title", "IEEE NIEC | New User Registration");
     if (isset($_SESSION['user_id'])) {
         header("LOCATION: /indexs/home");
     }
     $name = sqlSafe($_POST['name']);
     $username = sqlSafe($_POST['username']);
     $password = sqlSafe($_POST['password']);
     $password2 = sqlSafe($_POST['password2']);
     $salt = generateSalt();
     $email = sqlSafe($_POST['email']);
     $dor = date("Y-m-d H:i:s");
     $dob = sqlSafe($_POST['dob']);
     $profilepicPath = ROOT . DS . 'public' . DS . 'uploads' . DS . 'dp' . DS . 'default.jpg';
     if ($password === $password2) {
         $password = generateHash($password . $salt);
     } else {
         $this->set("message", "Password doesn't match");
     }
     $profilepic = new Image($_FILES['profile_picture']);
     $profilepic->setUploadPath(ROOT . DS . 'public' . DS . 'uploads' . DS . 'dp');
     if ($profilepic->validate() == false) {
         $this->set("message", "Unsupported Image Format for profile picture. Try again.");
     } else {
         if ($profilepic->moveUploadedImage() == true) {
             $profilepicPath = $profilepic->getUploadLocation();
             $profilepic = null;
         } else {
             $this->set("message", "Error uploading profile picture. Try again after some time.");
         }
     }
     if ($this->User->insertUser($name, $username, $password, $salt, $email, $dob, $dor, $profilepicPath) == -1) {
         $this->set("message", "There was some error processing your request. Try again later.");
     } else {
         $this->sendActivationMail($username);
         $this->set("message", "Registration Successful. Please check your mail to activate your account.");
     }
 }

function recoverSendMail($db, $sEmail)
{
    global $config;
    $row = getUserFromEmail($db, $sEmail);
    if (!$row) {
        echo json_encode(array("success" => false));
        return;
    }
    $sRecoverCode = generateSalt();
    $query = "UPDATE `user` SET `recoverCode` = ? WHERE `ID` = ?";
    $stmt = $db->prepare($query);
    $stmt->execute(array($sRecoverCode, $row->ID));
    if ($sEmail !== "") {
        $link = $config->teacherInterface->sCoordinatorFolder . "/recover.php?action=recover&email=" . urlencode($sEmail) . "&recoverCode=" . urlencode($sRecoverCode);
        $sBody = "Bonjour,\r\n\r\nPour définir un nouveau mot de passe, ouvrez le lien suivant dans votre navigateur  : \r\n\r\n" . $link . "\r\n\r\nN'hésitez pas à nous contacter si vous rencontrez des difficultés.\r\n\r\nCordialement,\r\n--\r\nL'équipe du Castor Informatique";
        $sTitle = "Réinitialisation de mot de passe Coordinateur Castor Informatique";
        sendMail($sEmail, $sTitle, $sBody, $config->email->sEmailSender);
        //$params = array('recoverCode' => $recoverCode, 'email' => $email);
        //http_post("eval01.france-ioi.org", 80, "/castor/sendMail2.php", $params);
    }
    echo json_encode(array("success" => true));
}

/**
 * @param $username
 * @param $userpass
 * @return bool|object
 * Login.
 */
function login($username, $userpass)
{
    if ($username == "" || $userpass == "") {
        return false;
    }
    $salt = "";
    $sql = "SELECT Salt, UserID FROM tbl_users WHERE Email = " . convertForInsert($username);
    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
    $rs = $mysqli->query($sql);
    while ($row = $rs->fetch_assoc()) {
        $userid = $row['UserID'];
        $salt = $row['Salt'] == "" ? generateSalt($userid) : $row['Salt'];
    }
    $salted = encryptPassword($userpass, $salt);
    $rs->free();
    $mysqli->close();
    $sql = "SELECT UserID, FirstName FROM tbl_users WHERE Email = " . convertForInsert($username) . " AND Password = " . convertForInsert($salted);
    $mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
    $rs = $mysqli->query($sql);
    if ($rs->num_rows < 1) {
        //we don't have this user
        return false;
    } else {
        while ($row = $rs->fetch_assoc()) {
            $data = array("success" => true, "usertoken" => generateToken($row['UserID']), "userfirstname" => $row['FirstName']);
            return json_encode($data);
        }
        //return true;
    }
}

function createUsers($IDs, $role, $dbConn, $isIDsHashed = false, $firstName = null, $lastName = null)
{
    global $AES_key, $DEPLOYMENT_NAME;
    $userIDs = null;
    // deal with null firstname & lastname, convert to "NULL" for SQL
    $firstName = $firstName == null ? "NULL" : $firstName;
    $lastName = $lastName == null ? "NULL" : $lastName;
    // convert to array
    if (!is_array($IDs)) {
        $IDs = (array) $IDs;
    }
    foreach ($IDs as $ID) {
        //TODO: add DB contraint unique per user
        // This function can be called either with a pre-hashed ID or an unhashed userID
        // situations for calling with a pre-hashed ID include updating a class list, or
        // giving existing users permissions (student or instructor) to a new class
        $isIDsHashed ? $hashUserID = $ID : ($hashUserID = hashUserID($ID));
        // Check to see if the user already existed
        $query = "SELECT id FROM users WHERE hash_user_id LIKE '{$hashUserID}'";
        $result = mysql_query($query, $dbConn);
        $resultText = $result == false ? "<div style=\"color:red;\">failed, error: " . mysql_error($dbConn) . "</div>" : "<div style=\"color:green;\">ok, retVal: " . mysql_result($result, 0) . "</div>";
        print "<br/>Debug Info: {$query} - Result: {$resultText}<br/>";
        // get the OVAL userID of the last insert of this hashed university ID
        if (1 == mysql_num_rows($result)) {
            $userID = mysql_result($result, 0);
        } else {
            $saltedID = $ID . generateSalt($ID);
            if ($DEPLOYMENT_NAME === "dev") {
                $query = "INSERT INTO users VALUES (NULL, '{$hashUserID}', AES_ENCRYPT('{$saltedID}', '{$AES_key}'), '{$firstName}', '{$lastName}', {$role}, NULL)";
            } else {
                $query = "INSERT INTO users VALUES (NULL, '{$hashUserID}', '', '{$firstName}', '{$lastName}', {$role}, NULL)";
            }
            $result = mysql_query($query, $dbConn);
            $resultText = $result == false ? "<div style=\"color:red;\">failed, error: " . mysql_error($dbConn) . "</div>" : "<div style=\"color:green;\">ok, retVal: " . mysql_result($result, 0) . "</div>";
            $query = str_replace($AES_key, "", $query);
            print "<br/>Debug Info: {$query} - Result: {$resultText}<br/>";
            // user already exists so query id
            $userID = mysql_insert_id();
        }
        //print "userID:$userID<br />";
        // collect users.id
        $userIDs[] = $userID;
    }
    return $userIDs;
}

function password_reset_by_token($username, $token, $password, $repeat_password)
{
    $userid = is_simplerisk_user($username);
    // Verify that the passwords match
    if ($password == $repeat_password) {
        // If the username exists
        if ($userid != 0) {
            // If the reset token is valid
            if (is_valid_reset_token($username, $token)) {
                // Open the database connection
                $db = db_open();
                // Create the new password hash
                $salt = generateSalt($username);
                $hash = generateHash($salt, $password);
                // Update the password
                $stmt = $db->prepare("UPDATE user SET password=:hash WHERE username=:username");
                $stmt->bindParam(":hash", $hash, PDO::PARAM_STR, 60);
                $stmt->bindParam(":username", $username, PDO::PARAM_STR, 20);
                $stmt->execute();
                // Close the database connection
                db_close($db);
                return true;
            }
        } else {
            return false;
        }
    } else {
        return false;
    }
}

     if ($QR === 'NONE') {
         $mypage->leaf('p', 'Couldn\'t find a user named ' . $EscapedAccountName . '. Please check that you spelled the account name correctly.');
     } else {
         if (!$QR['UserValidated']) {
             $mypage->leaf('p', 'That user account isn\'t validated yet. If you haven\'t received your validation email, you can visit <a href="resendvalemail.php">this page</a> to re-send it (although you will need your password to do so).');
         } else {
             if ($QR['Email'] == '') {
                 $mypage->leaf('p', 'There was a problem sending the email. Either the account email address is blank, or the email could not be sent for some other reason. You might want to try again; if it still doesn\'t work, you can ask the Administrator to investigate, but be aware that the Administrator will only go so far as to check for problems with this script and with the site\'s ability to send emails, not give you access to your account.');
             } else {
                 $CharArray = 'abcdefghijklmnopqrstuvwxyz0123456789';
                 $thevstring = '';
                 for ($i = 0; $i < 20; $i++) {
                     $j = rand(0, 35);
                     $thevstring .= $CharArray[$j];
                 }
                 $encryptedthevstring = crypt($thevstring, generateSalt());
                 $QueryResult = dbquery(DBQUERY_WRITE, 'UPDATE "User" SET "ScrambleKey" = :scramblekey: WHERE "UserID" = :user:', 'scramblekey', $encryptedthevstring, 'user', $QR['UserID']);
                 $subject = 'Account Recovery Email for Brass';
                 $body = '<p>Account recovery has been requested for your account ' . $EscapedAccountName . ' for Brass. If it was not you who submitted the request, please ignore this email.</p><p>Please click on the url on the next line, or copy and paste it into your browser\'s address bar.</p><p><a href="' . SITE_ADDRESS . 'recoveraccountb.php?UserID=' . $QR['UserID'] . '&amp;VString=' . $thevstring . '">' . SITE_ADDRESS . 'recoveraccountb.php?UserID=' . $QR['UserID'] . '&amp;VString=' . $thevstring . '</a></p>' . EMAIL_FOOTER;
                 if (send_email($subject, $body, $QR['Email'], null)) {
                     $mypage->leaf('p', 'An account recovery email for ' . $EscapedAccountName . ' has been sent.');
                     $mypage->finish();
                 } else {
                     $mypage->leaf('p', 'There was a problem sending the email. Either the account email address is blank, or the email could not be sent for some other reason. You might want to try again; if it still doesn\'t work, you can ask the Administrator to investigate, but be aware that the Administrator will only go so far as to check for problems with this script and with the site\'s ability to send emails, not give you access to your account.');
                 }
             }
         }
     }
 } else {
     $EscapedAccountName = '';
     $mypage->leaf('p', 'This page may be used to attempt to recover access to an account for which you have forgotten the password. Use this feature if you are the owner of the account and you cannot remember your password. You will need to know your Secret Answer, and have access to your email address.');